AWS Web Application Firewall: An Overview and Step-by-Step Procedure to Set Up WAF

Overview:
AWS Web Application Firewall (WAF) is a firewall that protects web applications and APIs from common web exploits that can compromise security, affect availability, or consume excessive resources.
A WAF lets you monitor and track requests to your AWS resources, and block or allow them according to a predetermined set of rules. The result is cleaner application server logs, mitigation of common attacks, less traffic reaching the server instances, and lower cost.

Source: aws.amazon.com
AWS CloudFront supports custom origins, so a WAF can protect any server even if it is not hosted on AWS. API Gateway can likewise act as an HTTP proxy, so APIs not hosted on AWS gain WAF protection as their traffic passes through the gateway.
The WAF is composed of a Web ACL that is assigned to one or more AWS resources. The Web ACL is a collection of rules that determine whether a request should be allowed or denied. These rules can be your own or provided by a third party.
The protected AWS resource forwards the request to the WAF. If the WAF decides, based on the applied rules, that the request should not be allowed, the AWS resource returns a 403 response to the client; if the request is allowed, it is forwarded onwards. The form of the 403 response depends on the AWS resource type, and some resources, such as CloudFront, allow the default message to be customized. An attacker is not told that it was the WAF that blocked the request.
For monitoring, WAF lets you log requests through Kinesis Data Firehose into various AWS services, such as Redshift, an S3 bucket, or Amazon Elasticsearch Service. CloudWatch metrics can be created for any rule or rule group, so you can track the count of blocked, allowed, and counted requests on your CloudWatch dashboard.
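To show what that logging pipeline yields, here is an added Python example (not code from the original post or from AWS) that parses WAF log records in the documented JSON-lines format, as Firehose writes them to S3, and summarises per-rule actions. The four records, the web ACL ARN, the IP addresses and the request ids are constructed; the rule group and rule names are AWS managed ones. The example also picks out allowed requests that matched a rule running in count mode, which is the review list to work through before a rule group is switched from count to block.

```python
"""Summarise AWS WAF log records as delivered by Kinesis Data Firehose.

Added example for this post, not code from AWS or the original author.
The records below are constructed to follow the documented WAF log
format; the ARN, IPs and request ids are made up."""
from __future__ import annotations

import json
from collections import Counter

SAMPLE_LOG = "\n".join([
    # req-1: allowed, but a CommonRuleSet rule in count mode matched the query string
    '{"timestamp":1700000000000,"webaclId":"arn:aws:wafv2:us-east-1:123456789012:'
    'regional/webacl/example-acl/EXAMPLE-ID","terminatingRuleId":"Default_Action",'
    '"terminatingRuleType":"REGULAR","action":"ALLOW","ruleGroupList":[{"ruleGroupId":'
    '"AWS#AWSManagedRulesCommonRuleSet","terminatingRule":null,"nonTerminatingMatchingRules":'
    '[{"ruleId":"GenericRFI_QUERYARGUMENTS","action":"COUNT"}],"excludedRules":null}],'
    '"httpRequest":{"clientIp":"198.51.100.7","country":"US","uri":"/search",'
    '"args":"q=example","httpMethod":"GET","requestId":"req-1"}}',
    # req-2: blocked by the IP reputation rule group (its own action, not overridden)
    '{"timestamp":1700000001000,"webaclId":"arn:aws:wafv2:us-east-1:123456789012:'
    'regional/webacl/example-acl/EXAMPLE-ID","terminatingRuleId":'
    '"AWS-AWSManagedRulesAmazonIpReputationList","terminatingRuleType":"MANAGED_RULE_GROUP",'
    '"action":"BLOCK","ruleGroupList":[{"ruleGroupId":"AWS#AWSManagedRulesAmazonIpReputationList",'
    '"terminatingRule":{"ruleId":"AWSManagedIPReputationList","action":"BLOCK"},'
    '"nonTerminatingMatchingRules":[],"excludedRules":null}],"httpRequest":{"clientIp":'
    '"203.0.113.44","country":"NL","uri":"/login","args":"","httpMethod":"POST","requestId":"req-2"}}',
    # req-3: allowed, nothing matched
    '{"timestamp":1700000002000,"webaclId":"arn:aws:wafv2:us-east-1:123456789012:'
    'regional/webacl/example-acl/EXAMPLE-ID","terminatingRuleId":"Default_Action",'
    '"terminatingRuleType":"REGULAR","action":"ALLOW","ruleGroupList":[],"httpRequest":'
    '{"clientIp":"198.51.100.8","country":"US","uri":"/","args":"","httpMethod":"GET","requestId":"req-3"}}',
    # req-4: allowed, same count-mode rule matched again from another client
    '{"timestamp":1700000003000,"webaclId":"arn:aws:wafv2:us-east-1:123456789012:'
    'regional/webacl/example-acl/EXAMPLE-ID","terminatingRuleId":"Default_Action",'
    '"terminatingRuleType":"REGULAR","action":"ALLOW","ruleGroupList":[{"ruleGroupId":'
    '"AWS#AWSManagedRulesCommonRuleSet","terminatingRule":null,"nonTerminatingMatchingRules":'
    '[{"ruleId":"GenericRFI_QUERYARGUMENTS","action":"COUNT"}],"excludedRules":null}],'
    '"httpRequest":{"clientIp":"198.51.100.9","country":"DE","uri":"/search",'
    '"args":"q=other","httpMethod":"GET","requestId":"req-4"}}',
])


def parse_log(text: str) -> list[dict]:
    """One JSON object per line; blank lines are skipped, malformed lines dropped."""
    records = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        try:
            records.append(json.loads(line))
        except json.JSONDecodeError as exc:
            print(f"line {lineno}: skipped malformed record ({exc})")
    return records


def _count_matches(rec: dict):
    """Yield (rule group id, rule id) for every rule that matched in count mode."""
    for match in rec.get("nonTerminatingMatchingRules") or []:   # rules directly in the web ACL
        if match.get("action") == "COUNT":
            yield ("webacl", match["ruleId"])
    for group in rec.get("ruleGroupList") or []:                 # rules inside rule groups
        for match in group.get("nonTerminatingMatchingRules") or []:
            if match.get("action") == "COUNT":
                yield (group["ruleGroupId"], match["ruleId"])


def summarize(records: list[dict]) -> dict:
    """Count final actions, terminating rules and per-rule COUNT matches."""
    actions, terminating, count_matches = Counter(), Counter(), Counter()
    for rec in records:
        actions[rec.get("action", "UNKNOWN")] += 1
        terminating[rec.get("terminatingRuleId", "UNKNOWN")] += 1
        count_matches.update(_count_matches(rec))
    return {"actions": actions, "terminating": terminating, "count_matches": count_matches}


def would_block_if_enforced(records: list[dict]) -> list[str]:
    """Request ids that were ALLOWed but hit a rule running in count mode.
    Review these for false positives before enabling the rules' real actions."""
    return [rec["httpRequest"]["requestId"] for rec in records
            if rec.get("action") == "ALLOW" and any(True for _ in _count_matches(rec))]


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    summary = summarize(recs)
    print("final actions:", dict(summary["actions"]))
    for (group, rule), n in summary["count_matches"].items():
        print(f"counted {n}x by {group} / {rule}")
    print("review before enforcing:", would_block_if_enforced(recs))
```

On a real deployment the input would be the gzip-compressed objects Firehose writes to the S3 prefix, one JSON record per line, so the same parser applies after decompression.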
Set Up WAF
Step 1: Verify that the IAM user has proper access to AWS managed WAF policies
For AWS managed WAF policies, obtain the administrator's permission.
Step 2: In the search bar, type WAF & Shield.
To open the service, click WAF & Shield.
Step 3: Create a Web ACL
To create a web ACL:
In the Name box, enter a name to identify this web ACL.
In the Description box, type a description of the web ACL.
Enter the name you want in the CloudWatch metric name box. Check the console's guidance for valid characters.
Select CloudFront distributions or regional resources according to your requirement.
If you choose regional resources, select Add AWS resources to open Associated AWS resources. Select the resources you wish to protect in the dialog box and then click Add.
Select Next.
Step 4: Add an AWS Managed Rules rule group
To add an AWS Managed Rules rule group:

On the Add rules and rule groups page, select Add rules, then Add managed rule groups.
The Add managed rule groups page lists the AWS managed rule groups. It also lists offerings from AWS Marketplace sellers; you can subscribe to them and use them the same way as an AWS Managed Rules rule group.
Select the rule group you wish to add and turn on the Add to web ACL toggle in the Action column.
Select Edit, then turn on the Set all rule actions to count toggle in the rule group's Rules list. This sets the rule group's action to count only, which lets you see how all rules in the rule group interact with your web requests before you enforce any of them.
Select Save rule. Select Add rules on the Add managed rule groups page; this returns you to the Add rules and rule groups page.
Step 5: Complete your Web ACL configuration.
To complete your we
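The same web ACL can be defined with the wafv2 API instead of the console. The Python below is an added example, not the post's or AWS's own code: it builds the parameter dictionary that boto3's wafv2 create_web_acl call takes, with an AWS managed rule group overridden to count as in Step 4, validates the CloudWatch metric name against the documented constraints the console guidance refers to in Step 3, and shows the later promotion from count to the group's own actions. The ACL name, metric names and priority values are made up; the boto3 call is left as a comment under the assumption that boto3 and AWS credentials are available.

```python
"""Build wafv2 CreateWebACL parameters with a managed rule group in count mode.

Added example for this post, not AWS or the author's own code. Field names
follow the WAFV2 API; the ACL name and metric names are made up."""
from __future__ import annotations

import copy
import json
import re

# Documented constraint for VisibilityConfig.MetricName: 1-128 chars of A-Z, a-z,
# 0-9, hyphen and underscore, and not a name reserved by AWS WAF.
_METRIC_NAME_RE = re.compile(r"[A-Za-z0-9_-]{1,128}")
_RESERVED_METRIC_NAMES = {"All", "Default_Action"}


def validate_metric_name(name: str) -> bool:
    return bool(_METRIC_NAME_RE.fullmatch(name)) and name not in _RESERVED_METRIC_NAMES


def visibility(metric_name: str) -> dict:
    """CloudWatch metric plus sampled requests, so each rule shows up on the dashboard."""
    if not validate_metric_name(metric_name):
        raise ValueError(f"invalid CloudWatch metric name: {metric_name!r}")
    return {"SampledRequestsEnabled": True, "CloudWatchMetricsEnabled": True,
            "MetricName": metric_name}


def managed_rule_group_rule(vendor: str, group_name: str, priority: int,
                            count_only: bool = True) -> dict:
    """A web ACL rule that references a managed rule group.

    Such a rule carries OverrideAction rather than Action: Count makes every rule
    in the group only count matches (the Step 4 toggle), None keeps the group's
    own block/allow actions."""
    return {
        "Name": f"{vendor}-{group_name}",
        "Priority": priority,
        "Statement": {"ManagedRuleGroupStatement": {"VendorName": vendor, "Name": group_name}},
        "OverrideAction": {"Count": {}} if count_only else {"None": {}},
        "VisibilityConfig": visibility(f"{vendor}-{group_name}"),
    }


def web_acl_params(name: str, scope: str, rules: list[dict], description: str = "") -> dict:
    """Keyword arguments for boto3 wafv2 create_web_acl. Default action is Allow so
    only explicit rule matches block traffic, matching the console walkthrough."""
    if scope not in ("REGIONAL", "CLOUDFRONT"):
        raise ValueError("scope must be REGIONAL or CLOUDFRONT")
    priorities = [r["Priority"] for r in rules]
    if len(set(priorities)) != len(priorities):
        raise ValueError("rule priorities must be unique")
    return {"Name": name, "Scope": scope, "Description": description,
            "DefaultAction": {"Allow": {}}, "Rules": rules,
            "VisibilityConfig": visibility(name)}


def promote_to_block(params: dict, rule_name: str) -> dict:
    """Copy of params with the named rule group's count override removed, so the
    group's own blocking actions apply. Do this after reviewing the counted requests."""
    updated = copy.deepcopy(params)
    for rule in updated["Rules"]:
        if rule["Name"] == rule_name:
            rule["OverrideAction"] = {"None": {}}
            return updated
    raise KeyError(f"no rule named {rule_name!r}")


if __name__ == "__main__":
    common = managed_rule_group_rule("AWS", "AWSManagedRulesCommonRuleSet", priority=0)
    reputation = managed_rule_group_rule("AWS", "AWSManagedRulesAmazonIpReputationList",
                                         priority=1, count_only=False)
    params = web_acl_params("example-acl", "REGIONAL", [common, reputation],
                            description="constructed example")
    print(json.dumps(params, indent=2))
    # To create it for real (assumes boto3 and credentials; CLOUDFRONT scope needs
    # a client in us-east-1):
    #   import boto3; boto3.client("wafv2", region_name="us-east-1").create_web_acl(**params)
    enforced = promote_to_block(params, "AWS-AWSManagedRulesCommonRuleSet")
    print(enforced["Rules"][0]["OverrideAction"])
```

For an existing ACL the promoted rules go into update_web_acl together with the LockToken returned by get_web_acl; the structure of each rule is the same as built here.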
